… or why it’s useless to have the most secure crypto system in the world, when using non-free and untrustworthy tools and libraries to implement it.
In April, the European Commission issued a statement against Google for the way they promote and distribute their apps on the Android platform. Google answered last week with a public blog post, more like a marketing campaign, including a video, nice animated pictures and updated websites. Of course, as it’s Google responding, there are a lot of points “proving” the European Commission wrong.
Wait… If it is really proving, why make it a public marketing campaign and not just a letter to the European commission? Do you need to convince the public about something, if you can make points that convince the responsible people? Well, maybe the points they made are not that convincing to some people, so let’s check the details of this campaign. Continue reading
To use all the neat features from the microG project, which allows you to use all features of your Android smartphone without those shitty, proprietary battery-consuming Google blobs, your system is required to support signature spoofing. Currently only very few custom ROMs have built-in support for this feature, luckily you can use Xposed or a patching tool to add the feature to the systems that don’t have it.
But: What is all this about? Is signature spoofing a problem when not using microG? Will it influence my security?